CLAIMS

What is claimed is: 

1. A method for automatically negotiating a security protocol, comprising:

receiving a security authorization request to establish a secure connection
between an internal node, the internal node being internal to a security-enabled
domain, and an external node, the external node being external to the security-enabled 
domain; 

comparing a first protocol set associated with the internal node to a second 
protocol set associated with the external node; and 

establishing a secure connection between the external node and the internal 
node when a matching protocol between the first protocol set and the second protocol 
set is found. 

2. A method according to claim 1, wherein the external node comprises at least 
one of a computer and a network-enabled wireless device. 

3. A method according to claim 1, wherein the internal node comprises at least 
one of a client computer and a server. 

4. A method according to claim 1, wherein the security-enabled domain 
comprises a distributed directory domain. 

5. A method according to claim 1, wherein the security-enabled domain 
comprises a certificate-based domain. 

6. A method according to claim 5, wherein the certificate-based domain 
comprises a Kerberos-enabled domain. 

7. A method according to claim 6, wherein the matching protocol comprises an 
X.509 certificate.

8. A method according to claim 1, wherein the security authorization request is
generated by the external node. 

9. A method according to claim 8, wherein the step of receiving the security
authorization request is executed by the internal node. 

10. A method according to claim 1, wherein the security authorization request is 
generated by the internal node. 

11. A method according to claim 10, wherein the step of receiving the security 
authorization request is executed by the external node. 

12. A method according to claim 1, further comprising a step of terminating the 
secure connection when a session between the external node and the internal node is 
complete. 

13. A method according to claim 1, further comprising a step of terminating 
connection processing when no match between the first protocol set and the second 
protocol set is found. 

14. A method according to claim 1, further comprising a step of selecting a 
protocol to use in establishing the secure connection when a plurality of matching 
protocols are found. 

15. A method according to claim 1, further comprising a step of authenticating at 
least one of the internal node and the external node. 

16. A method according to claim 15, wherein the step of authenticating comprises 
communicating a certificate to a certificate authority. 

17. A system for automatically negotiating a security protocol, comprising: 

a first interface to an internal node, the internal node being internal to a 
security-enabled domain, the internal node having an associated first protocol set; 

a second interface to an external node, the external node being external to the 
security-enabled domain, the external node having an associated second protocol set; 
and 

a negotiation engine, the negotiation engine receiving a security authorization
request to establish a secure connection between the internal node and the external 
node, comparing the first protocol set associated with the internal node to the second 
protocol set associated with the external node, and establishing a secure connection 
between the external node and the internal node when a matching protocol between 
the first protocol set and the second protocol set is found. 

18. A system according to claim 17, wherein the external node comprises at least 
one of a computer and a network-enabled wireless device. 

19. A system according to claim 17, wherein the internal node comprises at least 
one of a client computer and a server. 

20. A system according to claim 17, wherein the security-enabled domain 
comprises a distributed directory domain. 

21. A system according to claim 17, wherein the security-enabled domain 
comprises a certificate-based domain. 

22. A system according to claim 21, wherein the certificate-based domain
comprises a Kerberos-enabled domain. 

23. A system according to claim 22, wherein the matching protocol comprises an 
X.509 certificate. 

24. A system according to claim 17, wherein the security authorization request is 
generated by the external node. 

25. A system according to claim 24, wherein the security authorization request is 
received by the internal node. 

26. A system according to claim 17, wherein the security authorization request is 
generated by the internal node.

27. A system according to claim 26, wherein the security authorization request is 
received by the external node. 

28. A system according to claim 17, wherein the negotiation engine terminates the
secure connection when a session between the external node and the internal node is
complete. 

29. A system according to claim 17, wherein the negotiation engine terminates 
connection processing when no match between the first protocol set and the second 
protocol set is found. 

30. A system according to claim 17, wherein the negotiation engine selects a 
protocol to use in establishing the secure connection when a plurality of matching 
protocols are found. 

31. A system according to claim 17, wherein at least one of the internal node and 
the external node authenticates the other. 

32. A system according to claim 31, wherein the authenticating comprises 
communicating a certificate to a certificate authority. 

33. A system for automatically negotiating a security protocol, comprising: 

first interface means for interfacing to an internal node, the internal node being 
internal to a security-enabled domain, the internal node having an associated first 
protocol set; 

second interface means for interfacing to an external node, the external node 
being external to the security-enabled domain, the external node having an associated 
second protocol set; and 

negotiation means, the negotiation means for receiving a security authorization 
request to establish a secure connection between the internal node and the external 
node, comparing the first protocol set associated with the internal node to the second 
protocol set associated with the external node, and establishing a secure connection 
between the external node and the internal node when a matching protocol between 
the first protocol set and the second protocol set is found. 

34. A system according to claim 33, wherein the external node comprises at least 
one of a computer and a network-enabled wireless device. 

35. A system according to claim 33, wherein the internal node comprises at least
one of a client computer and a server. 

36. A system according to claim 33, wherein the security-enabled domain 
comprises a distributed directory domain. 

37. A system according to claim 36, wherein the security-enabled domain
comprises a certificate-based domain.

38. A system according to claim 37, wherein the certificate-based domain
comprises a Kerberos-enabled domain.

39. A system according to claim 38, wherein the matching protocol comprises an
X.509 certificate.

40. A system according to claim 33, wherein the security authorization request is 
generated by the external node. 

41. A system according to claim 40, wherein the security authorization request is 
received by the internal node. 

42. A system according to claim 33, wherein the security authorization request is 
generated by the internal node. 

43. A system according to claim 42, wherein the security authorization request is
received by the external node. 

44. A system according to claim 33, wherein the negotiation means terminates the
secure connection when a session between the external node and the internal node is 
complete. 

45. A system according to claim 33, wherein the negotiation means terminates 
connection processing when no match between the first protocol set and the second 
protocol set is found. 

46. A system according to claim 33, wherein the negotiation means selects a
protocol to use in establishing the secure connection when a plurality of matching 
protocols are found. 

47. A system according to claim 33, wherein at least one of the internal node and 
the external node authenticates the other. 

48. A system according to claim 47, wherein the authenticating comprises 
communicating a certificate to a certificate authority. 

49. A computer readable medium, the computer readable medium being readable 
to execute a method for automatically negotiating a security protocol, the method 
comprising: 

receiving a security authorization request to establish a secure connection 
between an internal node, the internal node being internal to a security-enabled 
domain, and an external node, the external node being external to the security-enabled 
domain; 

comparing a first protocol set associated with the internal node to a second 
protocol set associated with the external node; and 

establishing a secure connection between the external node and the internal 
node when a matching protocol between the first protocol set and the second protocol 
set is found. 

50. A computer readable medium according to claim 49, wherein the external
node comprises at least one of a computer and a network-enabled wireless device. 

51. A computer readable medium according to claim 49, wherein the internal node
comprises at least one of a client computer and a server. 

52. A computer readable medium according to claim 49, wherein the
security-enabled domain comprises a distributed directory domain.

53. A computer readable medium according to claim 49, wherein the
security-enabled domain comprises a certificate-based domain.

54. A computer readable medium according to claim 53, wherein the
certificate-based domain comprises a Kerberos-enabled domain.

55. A computer readable medium according to claim 54, wherein the matching
protocol comprises an X.509 certificate.

56. A computer readable medium according to claim 49, wherein the step of 
generating a security authorization request is executed by the external node. 

57. A computer readable medium according to claim 56, wherein the step of 
receiving the security authorization request is executed by the internal node. 

58. A computer readable medium according to claim 49, wherein the step of 
generating a security authorization request is executed by the internal node. 

59. A computer readable medium according to claim 58, wherein the step of 
receiving the security authorization request is executed by the external node. 

60. A computer readable medium according to claim 49, wherein the method 
further comprises a step of terminating the secure connection when a session between 
the external node and the internal node is complete. 

61. A computer readable medium according to claim 43, wherein the method
further comprises a step of terminating connection processing when no match
between the first protocol set and the second protocol set is found. 

62. A computer readable medium according to claim 43, wherein the method 
further comprises a step of selecting a protocol to use in establishing the secure 
connection when a plurality of matching protocols are found. 